diff --git a/dot_config/flake/machines/saffron/configuration.nix b/dot_config/flake/machines/saffron/configuration.nix
index df6038d..6232a9e 100644
--- a/dot_config/flake/machines/saffron/configuration.nix
+++ b/dot_config/flake/machines/saffron/configuration.nix
@@ -31,7 +31,7 @@
   };
 
   networking.hostName = "saffron"; # Define your hostname.
-  networking.firewall.allowedTCPPorts = [ 443 ];
+  networking.firewall.allowedTCPPorts = [443 80];
 
   # Caddy reverse proxy with DNS challenge
   services.caddy = {
@@ -49,6 +49,84 @@
         reverse_proxy serenity.pizzly-bortle.ts.net:5600
       '';
     };
+    virtualHosts."search.mayoff.ca" = {
+      extraConfig = ''
+        tls {
+          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+        }
+        reverse_proxy serenity.pizzly-bortle.ts.net:6000
+      '';
+    };
+    virtualHosts."monitor.mayoff.ca" = {
+      extraConfig = ''
+        tls {
+          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+        }
+        reverse_proxy serenity.pizzly-bortle.ts.net:8090
+      '';
+    };
+    virtualHosts."gitforge.mayoff.ca" = {
+      extraConfig = ''
+        tls {
+          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+        }
+        reverse_proxy serenity.pizzly-bortle.ts.net:3000
+      '';
+    };
+    virtualHosts."immich.mayoff.ca" = {
+      extraConfig = ''
+        tls {
+          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+        }
+        reverse_proxy serenity.pizzly-bortle.ts.net:2283
+      '';
+    };
+    virtualHosts."nextcloud.mayoff.ca" = {
+      extraConfig = ''
+        tls {
+          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+        }
+        reverse_proxy serenity.pizzly-bortle.ts.net:8100
+      '';
+    };
+    # virtualHosts."documentserver.mayoff.ca" = {
+    #   extraConfig = ''
+    #     tls {
+    #       dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+    #     }
+    #     reverse_proxy serenity.pizzly-bortle.ts.net:8101
+    #   '';
+    # };
+    virtualHosts."chat.mayoff.ca" = {
+      extraConfig = ''
+        tls {
+          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+        }
+        reverse_proxy serenity.pizzly-bortle.ts.net:8009
+      '';
+    };
+    virtualHosts."media.mayoff.ca" = {
+      extraConfig = ''
+        tls {
+          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+        }
+        reverse_proxy serenity.pizzly-bortle.ts.net:8096
+      '';
+    };
+    virtualHosts."homeassistant.mayoff.ca" = {
+      extraConfig = ''
+        tls {
+          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+        }
+        reverse_proxy homeassistant.pizzly-bortle.ts.net:8123 {
+          header_up Host {upstream_hostport}
+          header_up X-Real-IP {remote_host}
+          header_up X-Forwarded-For {remote_host}
+          header_up X-Forwarded-Proto {scheme}
+          header_up X-Forwarded-Host {host}
+        }
+      '';
+    };
   };
 
   # Set your time zone.